For SpeakersPlease add your presentation to your session by attaching a pdf file to your session (under Manage Session > + Add Presentation). We will export these presentations daily and feature on the connect.linaro.org website here. Videos will be uploaded as we receive them (if the video of your session cannot be published please let us know immediately by emailing connect@linaro.org).

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

ARM TrustZone shields the most critical security components from the normal world legacy OS, which grows larger and more complex over time and has become quite difficult to harden. However, in recent years we have also witnessed memory exploits targeting TrustZone systems as well. Such vulnerabilities can be utilized by the attackers as the bridge to further subvert the secure OS, thus take over the whole device.

As an important mission of the open source project under the MesaTEE platform, we aim to bring memory safety to ARM TrustZone. In particular, we enabled Rust programming for Trustlets, making them immune to memory exploits by nature while preserving native execution speed. Unlike the previous attempts, Rust OP-TEE TrustZone SDK is the first to:

- utilize the Rust programming language's security checks and type checks, so that developers can never misuse; - enable Rust standard library and millions of Rust crates/libraries for developing Trustlets, so that developers can conveniently leverage the existing rich Rust ecosystem; - provide automatic Trustlet lifecycle management via the "resource allocation is initialisation" (RAII) design pattern, preventing errors where a resource is not finalised and where a resource is used after finalisation, so that developers no longer bother calling session/context related APIs manually.

We will present our current implementation based on OP-TEE (complying to the GlobalPlatform TEE specifications), and will provide demonstrations for popular TrustZone applications like secure storage, key management, device identification, authentication, DRM, etc. Most importantly, we revolutionarily provide support for trusted and secure machine learning computation in TrustZone. To our best knowledge, we are the first to offer safe, fast, functional, and ergonomic development for Trustlets.

Mingshen Sun is a senior security researcher of Baidu X-Lab at Baidu USA. He received his Ph.D. degree in Computer Science and Engineering from The Chinese University of Hong Kong. His interests lie in solving real-world security problems related to system, mobile, IoT devices and... Read More →